Re: KeyNote draft available
This looks very interesting! I am a bit confused about how the
$ACTION_SIGNERS keys fit into the evaluation algorithm. It says:
> The $ACTION_SIGNERS attribute is used to
> provide the initial keys to match against the KEY-PREDICATEs.
Then in the description of the algorithm it says:
> For each KeyNote assertion passed to the evaluation engine, the
> following steps are taken:
>
> The TRUST-PREDICATE expression is evaluated. If the result is
> boolean TRUE, and the key expression in the KEY-PREDICATE
> field is also true, the request is approved. Otherwise, it is
> rejected.
>
> The KEY-PREDICATE field public-key expression is evaluated as
> follows:
>
> Let the key expression contain public key PK_i. A boolean
> variable `PK_i' corresponds to this key.
>
> If there is no assertion in which PK_i is the
> SIGNER, then the boolean variable `PK_i' is false.
>
> If there is at least one assertion in which PK_i is
> the source, then the boolean variable `PK_i' is true
> if and only if at least one of those assertions is true.
I think it means that keys in $ACTION_SIGNERS get their PK_i evaluated
to true, whether they are the SIGNER of any assertions or not, right?

Another question:
> For each KeyNote assertion passed to the evaluation engine, the
> following steps are taken:
Is this literally true, that if any of the assertions have a
TRUST-PREDICATE evaluate to true, and the KEY-PREDICATE is also true,
then the action is authorized? What about:
> If the KEY-EXPR field is empty, it always
> evaluates to TRUE and is used for direct authorization of a
> TRUST-PREDICATE by a policy or a credential.
Does this mean that a credential like:

    KEY-EXPR:
    TRUST-PREDICATE: true

would authorize all actions? It seems to meet the criteria in the rules.
Thanks for the clarifications,
Hal Finney
hal@rain.org
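
The quoted rules, read literally, can be modelled in a few lines to test both questions. This is an added example, not part of the original message or of the KeyNote draft; the dict layout, the tuple key expressions, the callable TRUST-PREDICATEs, the cycle guard, the treatment of $ACTION_SIGNERS keys as initially true, and every key name are assumptions made for illustration.

```python
# Added illustration: toy model of the quoted draft rules, read literally.
# Assumptions (not from the draft): dict layout, tuple key expressions,
# callable TRUST-PREDICATEs, the cycle guard, and all key names (constructed).

def approved(assertions, action, action_signers):
    """True if any single assertion evaluates to true (the literal reading)."""

    def pk_true(pk, seen):
        # Reading proposed in the message: $ACTION_SIGNERS keys start out true.
        if pk in action_signers:
            return True
        if pk in seen:                      # cycle guard (assumption)
            return False
        # Quoted rule: PK_i is true iff at least one assertion it signs is true;
        # with no such assertion, any() over nothing is False.
        return any(assertion_true(a, seen | {pk})
                   for a in assertions if a["signer"] == pk)

    def key_expr_true(expr, seen):
        if expr is None:                    # quoted rule: empty KEY-EXPR is TRUE
            return True
        if isinstance(expr, tuple):         # ("and" | "or", lhs, rhs)
            op, lhs, rhs = expr
            left, right = key_expr_true(lhs, seen), key_expr_true(rhs, seen)
            return (left and right) if op == "and" else (left or right)
        return pk_true(expr, seen)

    def assertion_true(a, seen):
        return bool(a["trust"](action)) and key_expr_true(a["key_expr"], seen)

    return any(assertion_true(a, frozenset()) for a in assertions)

# Constructed sample: a policy that trusts K1 for mail, and K1 delegating to K2.
POLICY = {"signer": "POLICY", "key_expr": "K1",
          "trust": lambda act: act["app"] == "mail"}
CRED = {"signer": "K1", "key_expr": "K2",
        "trust": lambda act: act["app"] == "mail"}
# The credential from the message: empty KEY-EXPR, TRUST-PREDICATE true.
BLANKET = {"signer": "K_ANY", "key_expr": None, "trust": lambda act: True}

if __name__ == "__main__":
    print(approved([POLICY, CRED], {"app": "mail"}, {"K2"}))
    print(approved([POLICY, CRED], {"app": "mail"}, set()))
    print(approved([POLICY, CRED, BLANKET], {"app": "other"}, set()))
```

In this model the third call is approved with no action signers at all, because nothing ties the approving assertion back to a policy root.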